From 0433efb5e0c4b5c71415fd79abd1b52b2c9b3404 Mon Sep 17 00:00:00 2001
From: yukang <moorekang@gmail.com>
Date: Tue, 24 Aug 2021 14:43:00 +0000
Subject: [PATCH 1/5] fix #209, pass root-readonly

---
 README.md           | 2 +-
 integration_test.sh | 2 +-
 src/process/init.rs | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 36055503..4a57f8e9 100644
--- a/README.md
+++ b/README.md
@@ -47,7 +47,7 @@ youki is not at the practical stage yet. However, it is getting closer to practi
 |    Seccomp     |             Filtering system calls              |                     WIP on [#25](https://github.com/containers/youki/issues/25)                     |
 |     Hooks      | Add custom processing during container creation |                                                  ✅                                                  |
 |    Rootless    |   Running a container without root privileges   | It works, but cgroups isn't supported. WIP on [#77](https://github.com/containers/youki/issues/77)  |
-| OCI Compliance |        Compliance with OCI Runtime Spec         |                                   39 out of 55 test cases passing                                   |
+| OCI Compliance |        Compliance with OCI Runtime Spec         |                                   40 out of 55 test cases passing                                   |
 
 # Getting Started
 
diff --git a/integration_test.sh b/integration_test.sh
index fadb6999..94e71063 100755
--- a/integration_test.sh
+++ b/integration_test.sh
@@ -64,7 +64,7 @@ test_cases=(
   "process_rlimits/process_rlimits.t"
   "process_rlimits_fail/process_rlimits_fail.t"
   # "process_user/process_user.t"
-  # "root_readonly_true/root_readonly_true.t"
+  "root_readonly_true/root_readonly_true.t"
   # Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
   # "start/start.t"
   "state/state.t"
diff --git a/src/process/init.rs b/src/process/init.rs
index 8075543e..c307c88d 100644
--- a/src/process/init.rs
+++ b/src/process/init.rs
@@ -311,6 +311,11 @@ pub fn container_init(
         }
     }
 
+    if let Some(true) = spec.root.as_ref().map(|r| r.readonly.unwrap_or(false)) {
+        let flags = MsFlags::MS_RDONLY | MsFlags::MS_REMOUNT | MsFlags::MS_BIND;
+        nix_mount(None::<&str>, "/", None::<&str>, flags, None::<&str>)?
+    }
+
     if let Some(paths) = &linux.readonly_paths {
         // mount readonly path
         for path in paths {

From e38045c58057f40de5840b13510929e2488a90c5 Mon Sep 17 00:00:00 2001
From: yukang <moorekang@gmail.com>
Date: Tue, 24 Aug 2021 14:45:38 +0000
Subject: [PATCH 2/5] fix style

---
 src/process/init.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/process/init.rs b/src/process/init.rs
index c307c88d..d393fe8c 100644
--- a/src/process/init.rs
+++ b/src/process/init.rs
@@ -312,8 +312,13 @@ pub fn container_init(
     }
 
     if let Some(true) = spec.root.as_ref().map(|r| r.readonly.unwrap_or(false)) {
-        let flags = MsFlags::MS_RDONLY | MsFlags::MS_REMOUNT | MsFlags::MS_BIND;
-        nix_mount(None::<&str>, "/", None::<&str>, flags, None::<&str>)?
+        nix_mount(
+            None::<&str>,
+            "/",
+            None::<&str>,
+            MsFlags::MS_RDONLY | MsFlags::MS_REMOUNT | MsFlags::MS_BIND,
+            None::<&str>,
+        )?
     }
 
     if let Some(paths) = &linux.readonly_paths {

From 3920f6e6f2d23c2ad7a2ffb9d5f7cd03c02fb681 Mon Sep 17 00:00:00 2001
From: yukang <moorekang@gmail.com>
Date: Tue, 24 Aug 2021 14:56:07 +0000
Subject: [PATCH 3/5] add pattern for running part of tests

---
 integration_test.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/integration_test.sh b/integration_test.sh
index 94e71063..61492e79 100755
--- a/integration_test.sh
+++ b/integration_test.sh
@@ -2,6 +2,7 @@
 
 ROOT=$(pwd)
 RUNTIME=${ROOT}/youki
+PATTERN=${1:-.}
 
 cd integration_test/src/github.com/opencontainers/runtime-tools
 
@@ -93,6 +94,12 @@ for case in "${test_cases[@]}"; do
     continue
   fi
 
+  if [ $PATTERN != "." ]; then
+    if [[ ! $case =~ $PATTERN ]]; then
+      continue
+    fi
+  fi 
+
   echo "Running $case"
   logfile="./log/$case.log"
   mkdir -p "$(dirname $logfile)"

From 2d09af6d2bf28dfdf7b1db4293c7701a11aa7009 Mon Sep 17 00:00:00 2001
From: yukang <moorekang@gmail.com>
Date: Tue, 24 Aug 2021 14:59:54 +0000
Subject: [PATCH 4/5] tweak bash style

---
 integration_test.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/integration_test.sh b/integration_test.sh
index 61492e79..ffe005a8 100755
--- a/integration_test.sh
+++ b/integration_test.sh
@@ -94,10 +94,8 @@ for case in "${test_cases[@]}"; do
     continue
   fi
 
-  if [ $PATTERN != "." ]; then
-    if [[ ! $case =~ $PATTERN ]]; then
-      continue
-    fi
+  if [ $PATTERN != "." ] && [[ ! $case =~ $PATTERN ]]; then
+    continue    
   fi 
 
   echo "Running $case"

From 1aa467f7da36af5110d2b06944b18b05df97286d Mon Sep 17 00:00:00 2001
From: yukang <moorekang@gmail.com>
Date: Wed, 25 Aug 2021 00:46:45 +0000
Subject: [PATCH 5/5] add example for testing

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 4a57f8e9..417cec79 100644
--- a/README.md
+++ b/README.md
@@ -158,6 +158,8 @@ Go and node-tap are required to run integration test. See the [opencontainers/ru
 ```
 $ git submodule update --init --recursive
 $ ./integration_test.sh
+# run specific test_cases with pattern
+$ ./integration_test.sh linux_*
 ```
 
 ### Setting up Vagrant